Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
[This is an update to the Interac item in RISKS-33.32 on the outage. PGN] Alexandra Posadzki, *The Globe and Mail* (Canada), 25 Jul 2022) Millions of Canadians lost their cellphone, Internet, or home phone service for at least a day due to a coding error on 8 Jul 2022, when Rogers Communications was upgrading its wireless/broadband infrastructure. The telecommunications company has one core network that supports all its services, and company documents indicated a piece of code deleted a routing filter during the sixth phase of the seven-phase infrastructure upgrade. The deletion caused all possible channels to the Internet to pass through the routers, resulting in several devices exceeding their memory and processing capacities, inducing a network shutdown. Rogers uses equipment from different manufacturers in its network, and its router suppliers have different traffic management and overload safeguards, which the documents identified as the source of the outage. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ef56x234f88x070683& [Single point of failure? PGN]
https://www.channelnewsasia.com/commentary/ai-legal-liability-boeing-tesla-uber-car-crash-2828911 "There is a perverse incentive for firms to design AI that is artificially innocent. A better approach would involve more extensive harm reduction, says a professor of management."
Law enforcement officers face an air assault as drugs, weapons, and phones are flown in to prisoners. https://www.wired.com/story/drone-contraband-deliveries-prisons-united-states
*The improvements promise to stop Starlink satellites from reflecting too much sunlight as they travel over the night sky.* SpaceX is working on several upgrades to the company=E2=80=99s Starlink <https://www.pcmag.com/how-to/what-is-starlink-spacex-satellite-internet-service-explained> satellites in an effort to prevent them from bothering astronomers. The upgrades try to address how Starlink satellites can reflect sunlight as they orbit the Earth. This same light can accidentally photo-bomb <https://www.pcmag.com/news/starlink-satellites-are-photo-bombing-astronomy-images> astronomical observations, which has sparked concerns within the scientific community. In response, SpaceX has been working with astronomers to develop ways to reduce the amount of sunlight Starlink satellites will reflect over the night sky. On Thursday, the company published a document (Opens in a new window) that outlines the upgrades, which involve altering some design elements to the Starlink satellites. <https://api.starlink.com/public-files/BrightnessMitigationBestPracticesSatelliteOperators.pdf> [...] https://www.pcmag.com/news/starlink-satellites-get-upgrades-to-prevent-interference-with-astronomy
This is a remarkable piece of honest journalism, with eight NYT opinion columnists revisiting their earlier incorrect predictions. *The New York Times* Sunday Opinions, 24 July 2022 Thomas L. Friedman highlighted one of our recurring themes in RISKS, in his piece entitled "I was wrong about Chinese censorship": “Trust is a byproduct of truth, and truth is a product of a free and independent press—not everywhere and always, but more often than not.'' In RISKS, we try to let the truth tell the story, with some help from readers to get it closer to truth. Thanks again. However, as we have said before, ground truth is getting more difficult to ascertain. PGN
Muyi Xiao, Paul Mozur, Isabelle Qian and Alexander Cardin *The New York Times* National Edition 27 Jul 2022 centerfold pp. A10-A11, China's ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known. ... Phone-tracking devices are everywhere. The police are creating some of the largest DNA databases in the world. And the authorities are building upon facial recognition technology to collect voice prints from the general public. Here are the bold-faced section heads in the full two-page article: * The Chinese police analyze human behaviors to ensure facial recognition cameras capture as much activity as possible. * The authorities are using phone trackers to link people's digital lives to their physical movements. * DNA, iris scan samples, and voice prints are being collected indiscriminately from people with no connection to crime. * The government wants to connect all of these data points to build comprehensive profiles for citizens—which would be accessible throughout the government. [Total Information Awareness? PGN]
Matthew Sparkes, *New Scientist*, 29 Jul 2022, via ACM TechNews, 1 Aug 2022 Michigan State University's Qiben Yan and colleagues have developed an artificial-intelligence voice jammer that can prevent anyone from recording the speech of a single target person. The Neural Enhanced Cancellation (NEC) tool exploits a bug contained within most microphones by introducing sounds at set distances above and below the microphone's recording frequencies. NEC taps this flaw to play inverse speech in the ultrasonic range outside of human hearing, the frequencies needed to clandestinely block an audible voice. The tool effectively blocked voices when tested on a range of Apple, Xiaomi, and Samsung smartphones from up to 3.6 meters (nearly 12 feet) away. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ef9fx235020x070817&
Tim Hortons Offers a Free Coffee and Pastry for Spying on People for Over a Year The wholesome Canadian chain caused a scandal when its privacy violation was revealed, and now it's proposing a free coffee and a baked good as restitution. https://www.vice.com/en/article/wxnnn4/tim-hortons-offers-a-free-coffee-and-pastry-for-spying-on-people-for-over-a-year
Natasha Singer, *The New York Times*, 31 Jul 2022, via ACM TechNews, 1 Aug 2022 A cyberattack on student-tracking software provider Illuminate Education highlights the inadequacies of student privacy safeguards. The breach worries cybersecurity and privacy experts because it involved sensitive personal details about students or student data dating back over 10 years. Technology companies and education reformers have pressured schools to adopt software that can catalog and categorize student behavior to help educators identify and assist at-risk students. With hacks on school software vendors increasing, the exposure of such information could have long-term ramifications. Said New Mexico attorney general Hector Balderas, "My concern is there will be bad actors who will exploit a public school setting, especially when they think that the technology protocols are not very robust. And I don't know why Congress isn't terrified yet." https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ef9fx23501ex070817&
This summer's heat wave knocked roads, railways, and runways out of action. But existing solutions could help shore up critical infrastructure. https://www.wired.com/story/europe-transport-heat-wave-solutions This just discusses transportation—there's also power lines, oil/gas pipelines, water/sewage infrastructure.
https://www.techspot.com/news/95405-watch-chess-playing-robot-grabs-child-opponent-finger.html According to Sergey Smagin, vice-president of the Russian Chess Federation, the boy responded before the robot had completed its move. [..] Smagin seemed to put most of the blame on the victim. "There are certain safety rules and the child, apparently, violated them. When he made his move, he did not realize he first had to wait, This is an extremely rare case, the first I can recall.'' 1. As a parent, I find the assumption that a nine-year-old will perfectly follow ANY sort of rule profoundly optimistic :). 2. It's an industrial robot, and they tend to have pressure sensitive grips (exactly because full force could crush whatever they grab). Unless the chess pieces were made of uranium, gold or other overly dense material (the brain matter of the operators involved?), there should have been a low grip force set, low enough for a child to wiggle out of. 3. In most civilised countries, human + proximity to powerful mechanics tends to mandate a nearby emergency stop. Oops. I get the impression that the rule breaking child exposed at a minimum a lack of critical thinking of the parties involved. [Even if corporations are people (Citizens United) and AI machines are people, industrial-strength robots should not be allowed to play chess. PGN]
Connected car companies now charge owners to use physical hardware they already bought—but some owners are pushing back. Extra features have been built into the software of cars for a number of years, from more sophisticated cruise control with speed management and lane-keep assist, to fancy light shows on startup. They are switched on for top-of-the-range models and left dormant for others, with some offered as "dealer fit" options, sold in the showroom to a customer collecting their new car. https://www.wired.com/story/bmw-heated-seats-as-a-service-model-has-drivers-seeking-hacks [I recall in the 1960s that AT&T offered a more expensive data service which was enabled by clipping a single wire. PGN]
https://www.npr.org/2022/07/25/1113004433/online-shopping-deals-algorithm-pricing-regulation "Theoretically, these algorithms could be good for competition. For example, if one business sets a price, the algorithm could automatically undercut it, resulting in a lower price for the consumer. "But it doesn't quite work that way, MacKay said. In a paper he co-authored in the National Bureau of Economic Research, he studied the way algorithms compete. He found that when multiple businesses used pricing algorithms, both knew that decreasing their price would cause their rival to decrease their price, which could set off a never-ending chain of price decreases."
More like a benefit than a risk... A trick of the light is helping scientists turn optical fibres into potential disaster detectors. https://www.newyorker.com/science/elements/undersea-internet-cables-can-detect-earthquakes-and-may-soon-warn-of-tsunamis
Bree Fowler, CNET, 27 July 2022 The average cost of a data breach rose to an all-time high of $4.M marked a 2.6% increase from a year ago and a 13% jump since 2020. More than half of the organizations surveyed acknowledged they had passed on those costs to their customers in the form of higher prices for their products and services, IBM said. The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM, was conducted by the Ponemon Institute. The cost estimates are based on both immediate and longer-term expenses. While some costs like the payment of ransoms and those related to investigating and containing the breach tend to be accounted for right away, others such as regulatory fines and lost sales can show up years later. On average, those polled said they accrued just under half of the costs related to a given breach more than a year after it occurred. https://www.cnet.com/tech/services-and-software/average-data-breach-costs-hit-a-record-4-4-million-report-says/
Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. <https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/>
These controls, which are buried inside products from Apple, Google, Meta and others, make us share more data than we need to. https://www.nytimes.com/2022/07/27/technology/personaltech/default-settings-turn-off.html
Martin Shkreli—the notorious ex-pharmaceutical executive fresh from prison after his 2017 fraud conviction—announced his latest, eyebrow-raising venture this week: the creation of a blockchain-based Web3 drug discovery platform that traffics in his own cryptocurrency, MSI, aka Martin Shkreli Inu. https://www.wired.com/story/martin-shkreli-druglike-crypto-web3-drug-discovery-platform/
The UK recently declined to regulate prize draws as a form of gambling, but does it matter? The industry has moved on to more problematic ways to make money. Whenever a term from the world of video games enters broader society, it’s a safe bet that it's not for a good reason. Loot boxes—like Hot Coffee or Gamergate—don;t buck this trend. For at least the past five years, driven by a mix of grassroots Reddit organizing and parental horror stories—"my teen spent £6,000 on FIFA cards"”-- these randomized prize draws have attracted the world's ire; in several countries, they're now illegal. Last week, after a 22-month consultation, the UK government decided that loot boxes will not be regulated under betting laws. Despite finding a link between these systems and problem gambling, the government has left regulation up to the industry. https://www.wired.com/story/loot-boxes-predatory-monetization-games The risk? Not understanding new risks...
To secure the land for its multibillion-dollar Downtown West development, the company has had to track down dozens of distant relatives of 19th-century landowners. https://www.wired.com/story/google-downtown-west-san-jose-lawsuits-land-descendants/ The risk? Not using blockchain in the 1800s to track real estate!
It didn't take long for the conspiracy theorists to weave a fresh tragedy into their twisted narrative. Just hours after a disturbed 18-year-old armed with an AR-15 assault rifle and racist hate walked into a grocery store in Buffalo and murdered 10 innocent people, on Sunday, May 15, the mass shooting was already being reimagined as part of a plot involving some of the world's largest companies. https://fortune.com/2022/06/02/online-trolls-using-dangerous-lies-to-take-down-executives-and-companies/ [UnFORTUNEate. PGN]
Since then, "breakthrough cases" have become common, with triple-vaccinated Americans regularly catching SARS-CoV-2 and staying sick for much longer than the unvaccinated... https://twitter.com/VaxxedFox/status/1550930366566961152
Tried silicon substitutes but that effort fell flat. Literally and tonally https://www.theregister.com/2022/07/22/yamaha_chip_shortage/
[This story is super-redundant with oodles of reported complaints. I have shortened it considerably. PGN] “Every time Ken Jennings says 'Alexa', my echo is activated,'' ... even the tech company had to buzz in on the categorically hilarious issue, responding to one viewer, “temporarily mute your Alexa device.'' The player herself - Alexa - then posted, “Thank you all for the well wishes tonight! Also, if you're complaining that your Amazon device was set off tonight, I can't do much about that!'' https://www.the-sun.com/entertainment/5872572/jeopardy-ken-jennings-mayim-bialik-alexa-amazon-detail/
Ukrainian technology companies have earned billions. But with most executives unable to meet foreign clients, the good times may not last. https://www.nytimes.com/2022/07/22/business/ukraine-tech-companies-putin.html
Totally nutso privacy paranoia! -L https://www.androidpolice.com/dutch-ministry-chromeos-restrictions-in-schools/
For decades, we've used leap seconds to keep our computers in sync with Earth's rotation time. Now, Meta and many others argue that new leap seconds are more trouble than they're worth. In her hit song, Cher sang, "If I could turn back time <https://www.youtube.com/watch?v=9n3A_-HRFfc>." For her, that would be a good thing. But in the computing world, Meta, formerly Facebook, believes it would be a very bad thing indeed. In fact, Meta wants to get rid of leap seconds which keep computing time in sync with Earth's rotational time. <https://engineering.fb.com/2022/07/25/production-engineering/its-time-to-leave-the-leap-second-in-the-past/>, Meta's not the only one that feels that way. The US National Institute of Standards and Technology (NIST), its French equivalent (the Bureau International de Poids et Mesures or BIPM), Amazon, Google, and Microsoft all want to put an end to leap seconds. Why? As Meta explained in a blog post <https://engineering.fb.com/2022/07/25/production-engineering/its-time-to-leave-the-leap-second-in-the-past/>, "We bump into problems whenever a leap second is introduced. And because it's such a rare event, it devastates the community every time it happens. With a growing demand for clock precision across all industries, the leap second is now causing more damage than good, resulting in disturbances and outages." Therefore, Meta concludes, we should simply "stop the future introduction of leap seconds." https://www.zdnet.com/home-and-office/networking/tech-giants-want-to-put-an-end-to-leap-seconds/
Francisco Pires, *Tom's Hardware*, 28 Jul 2022, via ACM TechNews, 1 Aug 2022 Quantum Computing Inc. (QCI) solved a 3,854-variable optimization problem for German automaker BMW in six minutes, using its Entropy Quantum Computing (EQC) solution to determine the ideal placement of vehicle sensors in BMW's Vehicle Sensor Placement Challenge 2022. EQC factors the changing environment into its calculations, saving time and expense by not having to control for all variables outside the Quantum Processing Unit. Said QCI's Bob Liscouski, "We believe that this proves that innovative quantum computing technologies can solve real business problems today." https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ef9fx235028x070817&
How would they define AI? If we had a black box that we communicated with, what test would prove that the content of the bos is or is not an AI? I prefer a broad definition of AI. I would include James Watt's flyball governor from 1788. It figured out for itself how to manipulate the throttle, and it displaced human workers who could have done the same thing. That sounds to me like an AI. Don't forget that trained-neural-networks being almost the only way to implement AI may not be a durable paradigm.
Dan Eakins posted a link with a tantalizing subject and geoff goodfellow followed up with more details. However, neither one mentioned the significant risks of attempts at solar radiation management (the usual term for blocking some incoming sunlight). The first big risk is that less incoming short-wave radiation means less evaporated water which will lead to significant drops in global precipitation. This could threaten drinking water supplies and crop yields around the world. Some studies suggest that trying to block sunlight only in polar regions would provide cooling without as much loss of precipitation (e.g., https://acp.copernicus.org/articles/14/7769/2014/) but this is difficult to do and is not attainable from some sort of sun shield sitting at L1 as suggested in the article. A second risk is that cooling only with solar radiation management does nothing to affect the buildup of CO2 in the atmosphere or the oceans. This means continued acidification of the oceans and a large rebound effect any time the solar radiation management is interrupted or stopped. [Disclaimer, I do not speak for my employer or the National Science Foundation. goldy] [Reminder: I generally toss the disclaimers, because they are implicit in every issue of RISKS. However, some employers or government contracts require their presence. PGN]
https://www.acm.org/media-center/2022/july/jrc-launch ACM, the Association for Computing Machinery, announced it is now accepting submissions for a new publication, the ACM Journal on Responsible Computing (JRC). The launch of this new ACM journal reflects both the phenomenal growth of computing around the world and the profound impact computing technologies continue to have on so many aspects of life and society as a whole. JRC will publish high-quality original research at the intersection of computing, ethics, information, law, policy, responsible innovation, and social responsibility from a wide range of convergent, interdisciplinary, multidisciplinary, and transdisciplinary perspectives. The editorial board welcomes papers using any or a combination of computational, conceptual, qualitative, quantitative, and other methods to make contributions to knowledge, methods, practice, and theory, broadly defined. [Lauren has spent many years addressing all of the issues that will be covered by the JRC. He is of course the person behind People for Internet Responsibility, the Network Neutrality Squad, and the Privacy Forum, from which I have derived many RISKS items over the past four decades. I am enomrously grateful for his steadfast concern and insights. PGN]
In April 2022, we generated the Medical Safety Promotion Organization (MSPO, NPO equivalent) concerning research and education of medical safety (i.e., patient safety and healthcare safety for mega disaster and pandemic infectious diseases). In January 2023, MSPO launches the High Education Program of Medical Safety (HEPMS). It is one year education school for health experts to promote knowledges and skills in this specific field. All lessons are English on-demand programs. Here is the application guide. https://mspo.org/en/education/2023/adm.html
Please report problems with the web pages to the maintainer